Finfare achieves compliance and increases efficiency with Chainguard
Finfare Financial Inc. is a financial technology company that helps businesses and consumers grow their money, manage their spending, and take control of their financial futures. Because Finfare handles personal identity and financial information, they operate in a highly regulated environment. Here, security and compliance are not just checkboxes, but fundamental to maintaining customer confidence. By adopting Chainguard, Finfare has been able to maintain compliance while reaching new levels of efficiency.
Challenge: Maturing security and compliance while maintaining speed
For Chad Brustin, Finfare’s VP of Information Security, the challenge his team encountered was twofold: prioritizing security fixes efficiently while ensuring development velocity remained unaffected. With a high number of vulnerabilities in their container images and limited engineering resources, it was difficult for Finfare to execute on both of these priorities without making significant compromises.
Additionally, meeting stringent compliance requirements like PCI, SOC 2 Type 2, and ISO 27001 was critical to maintaining customer trust and regulatory approval, and Finfare wanted to be able to present quantifiable security improvements to auditors.
Solution: A secure-by-default approach with Chainguard Containers
When Chad was introduced to Chainguard by his DevOps team, he saw an immediate opportunity to validate its impact. His approach was straightforward: put Chainguard Containers to the test. “Even in a simple proof of concept, you can see the value instantly—just run it alongside any static scanning tool and watch how many vulnerabilities it eliminates,” Chad shared.
Juan Diaz, Senior DevOps Engineer, quickly got the solution up and running. “Deploying Chainguard Containers was quick and straightforward,” Juan said. “We pushed the images to AWS ECR, updated our Dockerfiles, and made a few minor permission tweaks. That was it — a low-effort change with high-impact results.”
The results spoke for themselves. After evaluating vulnerability counts before and after deployment, the team swiftly rolled out Chainguard Containers for Node and JDK across 12 repositories. Within a week, the transformation was undeniable:
Building credibility
For both Chad and Finfare’s security auditors, the value was clear. With Chainguard Containers, Finfare could present their security improvements in a tangible, data-driven way, streamlining compliance discussions and reinforcing their security maturity. As Chad said, “An auditor isn’t going to take my word for it, they want to see the actual data. With Chainguard, we can show day-over-day and week-over-week scans.” Even with audiences who lack a technical background, Chad found the security improvements they’ve made to be a simple story to tell.
Driving efficiency and cost savings
Finfare also found that the team could reduce the time and effort spent on vulnerability management. Security discussions in sprint planning became more focused, allowing teams to prioritize effectively rather than getting bogged down by low-priority issues. Chad noted, “I can spend less time in sprint planning talking about all of our vulnerabilities. Chainguard Containers are a quick way to take ground and show improvement.”
And while Chad can refocus his time toward other security tasks, Finfare’s software developers can focus on what they do best—shipping software. As Chad said, “Chainguard lets me focus on my role and lets developers do what they do best.”
Time and effort saved translates directly to cost savings. “When you compare a full team of 25 people doing sprint planning for vulnerability management at $100 an hour to the Chainguard licence fee, the value is pretty straightforward,” Chad said.
For Finfare, integrating Chainguard into their security strategy was a game changer. As Chad puts it, "Even if you spent two weeks straight fixing vulnerabilities, you’re not gonna get as many wins as you will with Chainguard." With Chainguard handling the heavy lifting, Finfare was able to streamline compliance efforts, present tangible, data-driven security improvements to auditors, and save significant time and resources. As Chad adds, "If your goal is to shift left quickly and safely without breaking things, Chainguard is a tested way to do that."